AWS Security ChangesHomeSearch

AWS codeguru documentation change

Service: codeguru · 2025-10-10 · Documentation low

File: codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md

Summary

Added deprecation notice for repository associations after 2025-11-07 and removed multiple IAM policy examples related to tag-based access control

Security assessment

The change announces service deprecation aspects but does not address specific security vulnerabilities. Removal of IAM policy examples reduces documentation about access control patterns but doesn't indicate a resolved security flaw.

Diff

diff --git a/codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md b/codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md
index db3612674..35ecbb16e 100644
--- a//codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md
+++ b//codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md
@@ -4,0 +5,2 @@
+Starting November 7, 2025, you will not be able to create new repository associations in Amazon CodeGuru Reviewer. If you would like to use the service, create repository associations prior to November 7, 2025. To learn about services with capabilities similar to CodeGuru Reviewer, see [Amazon CodeGuru Reviewer availability change](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/codeguru-reviewer-availability-change.html).
+
@@ -35,32 +36,0 @@ The following policy denies users permission to the `DisassociateRepositoryAssoc
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Effect": "Deny",
-          "Action": [
-            "codeguru-reviewer:DescribeRepositoryAssociation"
-          ],
-          "Resource": "*",
-          "Condition": {
-            "ForAnyValue:StringEquals": {
-              "aws:RequestTag/ViewAssocatedRepositoryDetails": "DenyViewRepository"
-            }
-          }
-        },
-        {
-          "Effect": "Deny",
-          "Action": [
-            "codeguru-reviewer:DisassociateRepository"
-          ],
-          "Resource": "*",
-          "Condition": {
-            "ForAnyValue:StringEquals": {
-              "aws:TagKeys": ["DenyDisassociate"]
-            }
-          }
-        }
-      ]
-    }
-    
-
@@ -71,17 +40,0 @@ You can create a policy that allows or denies actions on CodeGuru Reviewer code
-    
-    {
-      "Version": "2012-10-17",
-      "Statement" : [
-        {
-          "Effect" : "Deny",
-          "Action" : [
-            "codeguru-reviewer:ListRecommendations"
-           ]
-          "Resource" : "arn:aws:codeguru-reviewer:us-west-2123456789012:association:*",
-          "Condition" : {
-             "StringEquals" : "aws:ResourceTag/Recommendations": "Secret"
-            }
-        }
-      ]
-    }
-
@@ -92,22 +44,0 @@ You can create policies that selectively allow CodeGuru Reviewer actions on all
-    
-    {
-       "Version": "2012-10-17",
-       "Statement": [
-          {
-             "Effect": "Allow",
-             "Action": [
-                "codeguru-reviewer:AssociateRepository",
-                "codeguru-reviewer:DescribeRepositoryAssociation",
-                "codeguru-reviewer:DisassociateRepositoryAssociation"
-             ],
-             "Resource": "*",
-             "Condition": {
-                "StringNotEquals": {
-                   "aws:ResourceTag/Status": "AssociatedRepositoryAllow",
-                   "aws:ResourceTag/Team": "Saanvi"
-                }
-             }
-          }
-       ]
-    }
-